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Disclaimer 


This report (“Report”) was prepared by Mazars LLP at the request of the Information Commissioner’s Office (ICO) and terms for the preparation and scope of the Report have been agreed with 
them. The matters raised in this Report are only those which came to our attention during our internal audit work. Whilst every care has been taken to ensure that the information provided in this 
Report is as accurate as possible, Internal Audit have only been able to base findings on the information and documentation provided and consequently no complete guarantee can be given that this 
Report is necessarily a comprehensive statement of all the weaknesses that exist, or of all the improvements that may be required. 


The Report was prepared solely for the use and benefit the ICO and to the fullest extent permitted by law Mazars LLP accepts no responsibility and disclaims all liability to any third party who 
purports to use or rely for any reason whatsoever on the Report, its contents, conclusions, any extract, reinterpretation, amendment and/or modification. Accordingly, any reliance placed on the 
Report, its contents, conclusions, any extract, reinterpretation, amendment and/or modification by any third party is entirely at their own risk. Please refer to the Statement of Responsibility in 
Appendix A3 of this report for further information about responsibilities, limitations and confidentiality. 


01 Summary 


The purpose of this report is to provide an update to the Audit Committee on the progress of the Internal Audit Strategy for the year ending 31 March 2022. In 
Section 02, we have provided a summary of our work to date, including the status and timing of each audit. Section 03 includes details of ESG 
(Environmental, Social and governance matters). 


02 Current progress in 2021/22 


Plan overview 


Auditable Area Audit start date Assurance Level m) 
pi (P2 jes | 
3 


Cyber security June 2021 Final report 8 8 


Fines recovery June 2021 Final report = = 1 
Core financial controls October 2021 Final report - 1 4 
Stakeholder management October 2021 Final report = 3 z 
Workforce planning November 2021 Fieldwork 

Procurement and contract management January 2022 TBC 


Performance reporting and management February 2022 
information 


Follow Up January 2021 N/A DEERE 


Planning 
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03 Demystifying ESG — A pathway to enhance social value in the public and social 
sector 


ESG (referring to environmental, social and governance matters) is an increasingly common term and is quickly penetrating the public and social sector. ESG 
is a huge opportunity for sector transformation to reposition environmental and social value at the forefront of decision making across an entire organisation. 
Failure to identify and effectively manage ESG-related risks poses serious threats to an organisation’s ability to achieve its strategic objectives. In addition, 
there are wide-ranging opportunities to be seized in the ESG space such as talent attraction and retention, access to funding and increased sustainability and 
resilience. 


Social value has always been at the heart of the public and social sector, it defines its meaning and purpose, but sustainability and ESG encompass a much 
wider remit than social value. This may be causing confusion as leadership teams struggle to articulate this remit, how best to manage its implementation, 
and in many cases how to get started. This is particularly true of achieving net zero, which we address in our report. 


Our latest research, based on a survey of 57 public and social sector leaders, highlights the challenges and progress being made with ESG. The report is 
available to download via the link below and focusses on the issues specifically faced by public and social sector organisations. 


Demystiying ESG 


Download here 


Demystifying ESG: 
Ar cial va 
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A1 Statement of responsibility 
We take responsibility to ICO for this report which is prepared on the basis of the limitations set out below. 


The responsibility for designing and maintaining a sound system of internal control and the prevention and detection of fraud and other irregularities rests with 
management, with internal audit providing a service to management to enable them to achieve this objective. Specifically, we assess the adequacy and 
effectiveness of the system of internal control arrangements implemented by management and perform sample testing on those controls in the period under 
review with a view to providing an opinion on the extent to which risks in this area are managed. 


We plan our work in order to ensure that we have a reasonable expectation of detecting significant control weaknesses. However, our procedures alone 
should not be relied upon to identify all strengths and weaknesses in internal controls, nor relied upon to identify any circumstances of fraud or irregularity. 
Even sound systems of internal control can only provide reasonable and not absolute assurance and may not be proof against collusive fraud. 


The matters raised in this report are only those which came to our attention during the course of our work and are not necessarily a comprehensive statement 
of all the weaknesses that exist or all improvements that might be made. Recommendations for improvements should be assessed by you for their full impact 
before they are implemented. The performance of our work is not and should not be taken as a substitute for management’s responsibilities for the 
application of sound management practices. 


This report is confidential and must not be disclosed to any third party or reproduced in whole or in part without our prior written consent. To the fullest extent 
permitted by law Mazars LLP accepts no responsibility and disclaims all liability to any third party who purports to use or rely for any reason whatsoever on 
the Report, its contents, conclusions, any extract, reinterpretation amendment and/or modification by any third party is entirely at their own risk. 
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Contacts 


Peter Cudlip 
Partner, Mazars 
peter.cudlip@mazars.co.uk 


Darren Jones 
Manager, Mazars 
darren.jones@mazars.co.uk 


Mazars is an internationally integrated partnership, specialising in audit, accountancy, advisory, tax and legal services*. Operating in over 90 countries and 
territories around the world, we draw on the expertise of 40,400 professionals — 24,400 in Mazars’ integrated partnership and 16,000 via the Mazars North 
America Alliance — to assist clients of all sizes at every stage in their development. 


*where permitted under applicable country laws. 


www.mazars.co.uk 
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